Cyber Engineer

What we offer

In addition to a competitive salary and a rewarding career where you can truly make a difference, we offer a comprehensive package that meets the various needs of our diverse employees, including:

• Ability to participate in inclusive employee-led networks to educate, inspire, amplify voices, build relationships and provide development opportunities;
• Minimum three (3) weeks of paid annual vacation days, increasing with years of service;
• Four (4) paid personal days;
• Defined benefit pension plan with OMERS, includes 100-per-cent employer matching;
• Health, dental, and vision benefits, including a health spending account available upon your start date;
• Employee and family assistance program;
• Maternity and parental leave top up (93% of base salary);
• Training and development programs including tuition reimbursement of $1500 per calendar year;
• Fitness membership discount;

This job offers the opportunity to work from home as part of a hybrid work arrangement. This arrangement will allow you to work some days at a TCHC work location and the rest of the time from home. The amount of time required to work at a TCHC work location is flexible, while considering operational and service delivery requirements.

Make a difference

Reporting to the Senior Manager, Cyber Defense & Operations, the Cyber Engineer serves as the primary technical bridge between the Cybersecurity, Architecture and Infrastructure functions within the Information and Technology Services (ITS) division. This role exists to ensure that security controls are not only designed and prescribed, but operationally implemented, validated, and sustained across the organization’s infrastructure landscape.

The Cyber Engineer operates as the technical hands of the cybersecurity program – translating security architecture decisions and threat intelligence into concrete, measurable configurations across network, endpoint, cloud, and on-premises environments. The incumbent supports daily cyber operations including threat monitoring, vulnerability remediation, and incident response execution, while also driving the technical integration of security tooling within the broader IT infrastructure.

What you’ll do

Infrastructure Security Engineering

• Work closely with the security architect to design, implement, and validate security controls across network, endpoint, server, cloud (Azure), and hybrid infrastructure environments.
• Configure and maintain enterprise security tools including but not limited to CrowdStrike, Tenable, Microsoft Sentinel, Microsoft Defender, MS Purview and Splunk.
• Assist in implementing security hardening standards and benchmarks (CIS, NIST) across infrastructure components, including firewalls, switches, servers, and cloud workloads.
• Perform technical integration of new security solutions into the existing infrastructure stack, coordinating with network and systems teams.
• Provide technical guidance and implementation support to infrastructure and cyber operations teams on security requirements and standards.
• Act as the primary technical liaison between the cybersecurity function and infrastructure delivery, translating security requirements into actionable engineering tasks.
• Develop and maintain security automation scripts and workflows (PowerShell, Python) to streamline threat detection, vulnerability remediation, and security control enforcement across enterprise infrastructure.
• Design and implement automated response playbooks within SOAR and SIEM platforms to reduce manual intervention and accelerate incident response timelines
• Engineer and maintain identity and access management controls within Microsoft Entra ID (Azure AD), including conditional access policies, Privileged Access Management (PAM), and multi-factor authentication (MFA) configurations aligned to zero-trust principles.
• Conduct periodic access reviews and privilege audits to ensure adherence to least-privilege and role-based access control standards across cloud and on-premises environments.
• Configure and maintain cloud security posture management (CSPM) tooling, including Microsoft Defender for Cloud, to monitor, assess, and remediate security misconfigurations across Azure workloads, subscriptions, and cloud-native services.
• Contribute to the integration of security controls within application development and deployment pipelines, including code scanning, container security, and secure configuration validation as part of the organization's DevSecOps practices.
• Participate in Change Advisory Board (CAB) processes to review and assess the security implications of proposed infrastructure and application changes, ensuring alignment with organizational security policies and risk tolerance.

Cyber Operations & Incident Response

• Support and participate in daily Security Operations Centre (SOC) activities, including alert triage, event correlation, threat hunting, and investigation of security events.
• Execute incident response procedures including containment, eradication, and recovery actions across affected systems and infrastructure.
• Conduct and support formal security investigations involving employee system misuse, policy violations, and cyber incidents, including forensic evidence collection and analysis.
• Prepare investigative findings and expert recommendations that inform management decisions related to corrective or disciplinary action.
• Exercise approved authority to initiate containment and enforcement actions, including suspension or restriction of system access, based on risk assessment and threat analysis.
• Review and analyze logs from security tools, network devices, endpoints, and servers to identify indicators of compromise (IOC) and anomalous activity.
• Support threat intelligence integration into detection rules, SOC playbooks, and operational response procedures.
• Support the tuning and optimization of AI/ML-driven anomaly detection models within SIEM and XDR platforms to improve detection accuracy, reduce false positives, and enhance threat intelligence correlation.

Security Enforcement & Incident Authority

• Enforce information security, acceptable use, and access control policies by taking direct operational action in response to cyber threats, policy violations and security incidents
• Formulate expert recommendations and evidentiary findings relied upon by senior management, People & Culture, and Labour Relations in matters related to employee conduct, corrective action, disciplinary proceedings, and organizational policy enforcement.
• Exercise delegated management authority to initiate containment and enforcement actions — including suspension or restriction of system access, account isolation, and privilege revocation — based on real-time risk assessment and threat analysis, without requiring prior approval for time-sensitive actions.
• Access and analyze confidential employee system activity data, pre-decisional management strategies, and organizational risk posture information that is not shared with bargaining unit employees, in support of management investigations and decision-making.
• Escalate material security incidents and cyber risks to senior management based on severity, organizational impact, and reputational risk, providing professional judgment on recommended courses of action.
• Collaborate with Infrastructure and Operations teams to execute security containment measures within approved cyber frameworks, ensuring timely resolution while preserving evidentiary integrity.

Reporting, Compliance & Risk Support

• Access, analyze, and interpret sensitive employee system activity data for the purpose of detecting, investigating, and responding to policy violations and security incidents.
• Define, track, and report on cybersecurity metrics and key performance indicators (KPIs) — including mean time to detect (MTTD), mean time to respond (MTTR), vulnerability remediation rates, and control coverage — to inform leadership decision-making and demonstrate program maturity.
• Participate in vulnerability assessments, penetration tests, and security audits; proactively assess IT security risks for new and existing infrastructure elements (network/systems/applications/services).
• Support compliance activities related to organizational security policies, standards, and applicable legislation including MFIPPA.
• Contribute to security standards, procedures, and controls documentation.
• Proactively review IT operational processes for potential security gaps, and recommend mitigation measures.
• Support security and threat risk assessments for projects and evaluate tools and solutions against security requirements.
• Support cyber resilience planning activities including backup integrity validation, ransomware recovery testing, and business continuity/disaster recovery (BCP/DR) exercises from a cybersecurity perspective.
• Conduct security assessments of third-party vendors, managed service providers, and SaaS solutions to evaluate supply chain risk and ensure compliance with organizational security requirements and contractual obligations.
• Participates in after-hours and on-call schedule in support of security incidents and critical infrastructure events.
• Role may participate in confidential management investigations and proceedings related to employee conduct.

What you’ll need

• An undergraduate degree (or equivalent experience) in Information Technology, Computer Science, Engineering, Business or related degree is required. Information security specific coursework is an asset.
• One or more security certifications in good standing that may include the following or industry equivalents is an asset.
• CEH: Certified Ethical Hacker, EC-Council Certified Security Analyst, GIAC /SANS Security Certifications, CompTIA CSA+, CISSP, CCSK, Microsoft AZ-500 (Azure Security Engineer Associate)
• 5+ years of progressive hands-on experience in a cybersecurity engineering or infrastructure security role within an enterprise environment.
• Demonstrable experience implementing and operating enterprise security tools such as Tenable IO, SIEM (Sentinel and/or Splunk), EDR (Microsoft Defender and/or CrowdStrike), DLP (MS Purview), or equivalent platforms.
• Working knowledge of cybersecurity frameworks including NIST CSF v2.0, CIS Controls, and/or ISO/IEC 27001.
• Familiarity with network architecture concepts including segmentation, zero-trust principles, and DMZ design.
• Practical experience performing security hardening, vulnerability remediation, and security control validation across network, endpoint, and server infrastructure.
• Experience supporting or participating in security incident response activities including containment, investigation, and recovery.
• Experience with firewall management and security policy review (e.g., Cisco FMC or equivalent).
• Strong technical communication skills; ability to translate security findings into clear, actionable reporting for both technical and non-technical audiences.
• Ability to work effectively across security and infrastructure teams, with a demonstrated ability to drive security requirements through operational delivery.

Nice to have:

• Previous experience with application development security tools would be considered an asset.
• Proven experience integrating and implementing security tools within the enterprise networks such as CrowdStrike, Tenable, MS Purview and Sentinel/Splunk.
• Firewall security policy review using Cisco FMC
• Working knowledge of cybersecurity frameworks such as NIST CSF v2.0, CIS, ISMS/ISO 27001
• Azure cloud security configuration experience.

What’s next

Once you apply, we’ll review your resume and contact you if we believe your skills and experience will make you successful in the role. If you are selected to move forward, the process will include one or more interviews and/or assessments and reference checks.

INDS